Comment by LiamPowell

1 day ago

This has come up multiple times before [1], and more generally it's come up hundreds of times with Unix style tools in general. It's always been a stupid idea for every tool to have its own barely documented file format.

This wouldn't be an issue if patches were XML or JSON with a well defined schema, but everything must be a boutique undocumented format in the world of Unix tools.

Maybe the worst part about this is that it can entirely come from a patch being exported by git and then imported straight back in to git. If you can't even handle your own undocumented format then what hope do other tools have that want to work with it?

[1]: https://mas.to/@zekjur/116022397626943871

24 comments

LiamPowell

nyrikki 19 hours ago

While patch[0] has problems, the issue here is not that it is undocumented.

Git recently added this doc on roundtripping, and the problem is with git.

     Any line that is of the form:
     * three-dashes and end-of-line, or
     * a line that begins with "diff -", or
     * a line that begins with "Index: "

     is taken as the beginning of a patch, and the commit log message is terminated before the first occurrence of such a line.

The patch isn't even the complicated forms with RCS, ClearCase, Perforce, or SCCS support, it is just doing what the pre-POSIX spec says.

The argument is if git should do input sanitation etc...

But `patch -p1` is doing exactly what was documented, even in the original Larry Wall usenet post of the program.

[0] https://pubs.opengroup.org/onlinepubs/9799919799/utilities/p... [1] https://github.com/git/git/blob/94f057755b7941b321fd11fec1b2...

yjftsjthsd-h 1 day ago

> This wouldn't be an issue if patches were XML or JSON with a well defined schema, but everything must be a boutique undocumented format in the world of Unix tools.

Patch files are readable by humans. Replacing them with XML or JSON would fix this problem, but at the expense of removing a core feature.

phoe-krk 20 hours ago

If, by "readable by humans", you mean "it would reliably fool humans as well", I'd say it's an ambiguity bug regardless of whether it's "a core feature" or not. A patch format, human-readable or not, should clearly indicate which part is the commit message and which part is an actual diff; it's not the case here.

yjftsjthsd-h 19 hours ago

Alright, allow me to disambiguate in your preferred format.

  <?xml version="1.0" encoding="UTF-8"?> <claims> <claims_I_did_not_make description='Claims that I did not make or defend.'> <claim>Patch is perfect.</claim> <claim>Ambiguity is good.</claim> <claim>There are no better formats for conveying patches.</claim> </claims_I_did_not_make> <claims_I_did_make description='What I actually said.'> <claim>Patch files are readable by humans.</claim> <claim>Being readble by humans is useful.</claim> <claim>XML is painful for humans to read and write.</claim> <claim>JSON is painful for humans to read and write.</claim> <claim caveat='Actually this would require all parties to handle JSON or XML correctly which on further reflection I am not sure about. Still, it is a claim I initially made.'>JSON or XML would actually fix this problem in the format.</claim> </claims_I_did_make> <claims_I_did_not_make_but_am_open_to description='Things that were never specified but that I do not actually disagree with.'> <claim>The patch format could be improved.</claim> <claim>Formats should be unambiguous.</claim> <claim>Separating sections is good.</claim> </claims_I_did_not_make_but_am_open_to> </claims>

6 replies →

syntheticnature 1 day ago

Haha, good one. Much like Makefiles, patch format precedes a lot of more modern things (by decades!) and is good enough to stick around. Unlike Makefiles, I've never seen tool gain any acceptance at all to replace patch.

tetha 21 hours ago

And a lot of these older tools are not meant to be fed untrusted, unvetted input. The patch shown there confused me for quite a bit.
Or, more snarky: tee is also a huge security problem if you pipe untrusted input into `tee -a /etc/passwd`, such as `curl | tee -a /etc/passwd`. Not many things are safe with a `curl |` in front of them. I think yes might be?

chrishill89 21 hours ago

> Maybe the worst part about this is that it can entirely come from a patch being exported by git and then imported straight back in to git.

No one wants to apply diffs in commit messages. But some people use this technique via email:

    Finally fix it

    ---

    Changes in v2:

    - Proper formatting
    - Remove irrelevant typo fix

They’ve used the `---` commit message delimiter in the commit message itself so that everything after it won’t be applied by git-am(1). So that’s intentional loss of round tripping.

I would personally use Git notes instead though.

    Finally fix it

    ---

    Notes:
        Changes in v2: ...

Avamander 20 hours ago

This is where I kind-of like the idea of PowerShell, it's just that I dislike almost all other aspects of it and around it.

bombcar 18 hours ago
Same - psh has one good idea and it’s this. The next evolution of shells needs to include it.
- em-bee 14 hours ago
  
  can either of you elaborate what you mean? are you talking about support for structured data passing between scripts/programs?
  
  4 replies →

kevin_thibedeau 21 hours ago

  Patch: 1985
  SGML: 1986

thesz 20 hours ago
XML: 1996
- em-bee 14 hours ago
  
  what are you suggesting? XML is a simplified form of SGML. an SGML parser can parse XML so it was already possible to write an XML like document before XML was defined.

pwdisswordfishs 21 hours ago

> This wouldn't be an issue if patches were XML or JSON

Or MIME, even.